summaryrefslogtreecommitdiff
path: root/raw-wiki-dump/RoughV1.trac
diff options
context:
space:
mode:
Diffstat (limited to 'raw-wiki-dump/RoughV1.trac')
-rw-r--r--raw-wiki-dump/RoughV1.trac112
1 files changed, 112 insertions, 0 deletions
diff --git a/raw-wiki-dump/RoughV1.trac b/raw-wiki-dump/RoughV1.trac
new file mode 100644
index 0000000..a142056
--- /dev/null
+++ b/raw-wiki-dump/RoughV1.trac
@@ -0,0 +1,112 @@
+= Rough Cut at v0.01 Proof of Concept Feature Set =
+
+[[PageOutline]]
+
+This is a proposed version 0.01 product as a proof of concept. The
+intent is not to have a very useful product, but rather to gain
+confidence in our architecture, tools, and team. The result is intended
+to be the basis for further development into a more useful second stage,
+in the sense of
+[https://en.wikipedia.org/wiki/Agile_software_development agile development].
+It very intentionally is not a
+[https://en.wikipedia.org/wiki/Waterfall_model waterfall design],
+
+The interface between the Green and Yellow layers is seen as an important design
+inflection.
+
+Some code will be in C in the Green (auxiliary core) because we can get it open
+source out of the can. for v.2 (or whatever) we would move it down to the FPGA in
+Verilog.
+
+== FPGA Overview ==
+[[Image(HW_sketch_v0001.png)]]
+\\
+\\
+== Sketch of TRNG Chain ==
+[[Image(HW_RNG.png​)]]
+\\
+\\
+
+== Off-FPGA ==
+* Persistent Storage
+ * For Keys and Time
+ * Or the battery for tamper wipe is big enough to hold the FPGA up
+ * Or the Green processor has enough non-volatile store
+* Entropy Source
+* Realtime Clock
+* Tamper Mechanism
+
+== Layers ==
+
+{{{
+#!html
+<h1 style="text-align: left; color: blue">
+ Blue / FPGA
+</h1>
+}}}
+
+* TRNG
+* !BigNumber, Modular, & Exponentiation (expose to green for RSA)
+* SHA-256
+* AES-128
+* EC for ECDH. Curve3617 would be nice, but whatever we can get open source to start
+* OpenRISC Core or ARM to support Green (maybe !FreeScale from Bunnie)
+
+{{{
+#!html
+<h1 style="text-align: left; color: green">
+ Green / On-Chip Core
+</h1>
+}}}
+
+* RSA 2048 & 4096 (move to blue later) [ 1024 for Tor? ]
+* MACs: HMAC, 1305, uMAC
+* DH (move to blue later)
+* Device Activation, Move Authorization, Wiping
+
+{{{
+#!html
+<h1 style="text-align: left; color: yellow">
+ Yellow / Off-Chip Support
+</h1>
+}}}
+
+* Interface to Red
+ * PKCS!#8
+ * PKCS!#11
+ * PGP Support
+* X.509 and PGP
+* PKCS!#11 for POLA resistance
+* No PKCS!#10 because it will take a year
+* Backup may be just dump/restore of the whole FPGA/!CoreState
+
+{{{
+#!html
+<h1 style="text-align: left; color: red">
+ Red / Applications
+</h1>
+}}}
+
+* X.509 CA
+* DNSSEC
+* PGP (asymmetric key sign/verify + symmetric message encryption/decryption)
+* Tor consensus(?)
+
+== Issues in v0.01 ==
+
+* License of tool chain to build
+* License for borrowed components (open cores, open fpga)
+* License for result
+ * What we build ourselves - BSD
+ * What components we ship - life is compromise
+* Toolchains, Verilog, C, ...
+* FPGAs and ASICs use a Verilog-based toolchain. There are no mature open
+ Verilog compilers so the [http://www.dwheeler.com/trusting-trust/ DDC approach]
+ will not work. Net-list optimization is also an issue. We're looking into this,
+ but it's going to be really hard. Research for v2.
+* Protoyping platform
+ * [http://www.bunniestudios.com/blog/?p=3265 Bunnie's Novena laptop]
+ * Altera Evaluation Board
+* RTC, external connectivity to et some sort of assured time
+* Repository - too many git junkies. Keep main repo on our server for the security boundary. Can mirror on !GitHub to be socially cool.
+* Emacs or vi (no Rob, not TECO) :)